Skip to main content

Rapidvms CVE-2026-33849

| EUVDEUVD-2026-14750 HIGH
Buffer Overflow (CWE-119)
2026-03-24 GovTech CSG
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Re-analysis Queued
Apr 20, 2026 - 20:22 vuln.today
cvss_changed
EUVD ID Assigned
Mar 24, 2026 - 06:15 euvd
EUVD-2026-14750
Analysis Generated
Mar 24, 2026 - 06:15 vuln.today
Patch released
Mar 24, 2026 - 06:15 nvd
Patch available
CVE Published
Mar 24, 2026 - 05:52 nvd
HIGH 8.8

DescriptionCVE.org

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96.

AnalysisAI

RapidVMS before PR#96 contains a buffer overflow vulnerability that allows unauthenticated remote attackers to achieve code execution, data theft, or system compromise with minimal user interaction. The flaw stems from improper memory bounds checking and carries a high CVSS score of 8.8 with network-based attack vectors. A patch is available to address this critical memory safety issue.

Technical ContextAI

This vulnerability is a classic buffer overflow (CWE-119) affecting the rapidvms video management system from linkingvision. The affected product is identified via CPE as cpe:2.3:a:linkingvision:rapidvms. CWE-119 represents improper restriction of operations within memory buffer bounds, which typically occurs when software writes data beyond allocated buffer boundaries, allowing attackers to overwrite adjacent memory regions. This can lead to arbitrary code execution, denial of service, or information disclosure. RapidVMS is an open-source video management system, and the vulnerability exists in the core application code that handles memory operations incorrectly.

RemediationAI

Apply the vendor patch by merging or updating to rapidvms with pull request #96 incorporated, available at https://github.com/linkingvision/rapidvms/pull/96. Organizations should immediately update their rapidvms installations to include this security fix. As an interim mitigation until patching is complete, restrict network access to rapidvms interfaces to trusted IP ranges only, implement additional authentication layers, and educate users about the risks of interacting with untrusted content within the VMS interface since user interaction is required for exploitation. Monitor for unusual memory consumption or application crashes that could indicate exploitation attempts.

Share

CVE-2026-33849 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy